<html>
<head><meta charset="utf-8"><title>Std zip soundness issues · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Std.20zip.20soundness.20issues.html">Std zip soundness issues</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="227304835"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Std%20zip%20soundness%20issues/near/227304835" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Yechan Bae <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Std.20zip.20soundness.20issues.html#227304835">(Feb 22 2021 at 17:28)</a>:</h4>
<p>Recently, 4 soundness issues were discovered in the standard library zip iterator. Further detail is being discussed in t-libs stream.<br>
<a href="#narrow/stream/219381-t-libs/topic/Improving.20TrustedRandomAccess.20and.20its.20Zip.20specialization">https://rust-lang.zulipchat.com/#narrow/stream/219381-t-libs/topic/Improving.20TrustedRandomAccess.20and.20its.20Zip.20specialization</a></p>



<a name="227352467"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Std%20zip%20soundness%20issues/near/227352467" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Std.20zip.20soundness.20issues.html#227352467">(Feb 22 2021 at 22:46)</a>:</h4>
<p>What's the impact of this? If this resulted in widespread memory safety issues, hopefully someone would have noticed by now?</p>



<a name="227364138"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Std%20zip%20soundness%20issues/near/227364138" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Yechan Bae <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Std.20zip.20soundness.20issues.html#227364138">(Feb 23 2021 at 00:34)</a>:</h4>
<p>They require one or more of conditions such as a panic during iteration, nested partially iterated Zip, or calling next_back() before the forward iteration. So at least a single level zip iterated forward without panic is not affected, which I believe the majority of the use case.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>